[IPSEC] Fix xfrm_state leaks in error path
author Patrick McHardy <kaber@trash.net>
Sun, 19 Jun 2005 05:45:31 +0000 (22:45 -0700)
committer David S. Miller <davem@davemloft.net>
Sun, 19 Jun 2005 05:45:31 +0000 (22:45 -0700)
commit 71e74c9e1a0d2e37c602719fc5c001b1a73bbe61
tree a6b04337c4f6d1ff7b050082dc7e69dc5617d3d0
parent 8cd9f497e3bf24341e4e253ef3ea2b2a5382509c

Herbert Xu wrote:
> @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
>       if (IS_ERR(x))
>               return PTR_ERR(x);
>
> +     xfrm_state_hold(x);
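
Review bot: the xfrm_state_hold(x) added right after the IS_ERR(x) check in pfkey_add() has no matching release anywhere in this hunk, so every return that follows it has to account for the extra reference. Pair it with an xfrm_state_put(x) on each exit after this point, preferably through a single exit label, and put a one-line comment above the hold stating why the additional reference is taken.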

This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/key/af_key.c
net/xfrm/xfrm_user.c
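
The reference counting described in the commit message, as a toy user-space model added here as an example; it is not kernel code and not part of this commit. The struct and every function name are hypothetical stand-ins, and `fail` and `drop_both` are switches invented for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not kernel code: only the reference count is represented. */
struct state { int refcnt; };
static int live_states;      /* allocated and not yet freed */
static struct state *table;  /* one-slot database; owns the alloc reference */
static struct state *state_alloc(void) {
    struct state *x = malloc(sizeof(*x));
    if (!x) abort();
    x->refcnt = 1;           /* the reference handed out by the allocator */
    live_states++;
    return x;
}
static void state_hold(struct state *x) { x->refcnt++; }
static void state_put(struct state *x) {
    if (--x->refcnt == 0) { free(x); live_states--; }
}
/* Insert; `fail` forces the error return the commit message talks about. */
static int state_add(struct state *x, int fail) {
    if (fail) return -1;
    table = x;
    return 0;
}
/* Delete drops the reference that came from state_alloc(). */
static void state_delete(void) {
    struct state *x = table;
    table = NULL;
    if (x) state_put(x);
}
/* Returns the refcount the caller sees after a delete, or -1 on error. */
static int add_state(int fail, int drop_both) {
    struct state *x = state_alloc();
    int seen;
    state_hold(x);                     /* keeps x valid across state_delete() */
    if (state_add(x, fail) < 0) {
        state_put(x);                  /* releases the hold only */
        if (drop_both) state_put(x);   /* releases the alloc reference too */
        return -1;
    }
    state_delete();                    /* alloc reference goes away here */
    seen = x->refcnt;                  /* safe: our hold is still counted */
    state_put(x);
    return seen;
}
int main(void) {
    add_state(1, 0);
    printf("one put on error leaks %d state\n", live_states);
    return 0;
}
```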